Skip to content

Commit

Permalink
GH-1550: DefaultKafkaHeaderMapper - trust arrays
Browse files Browse the repository at this point in the history 
Resolves #1550

- trust arrays of trusted types (including arrays of primitive wrappers and String))
- trust arrays of primitives
  • Loading branch information
@garyrussell
garyrussell committed Jul 29, 2020
1 parent 7a53401 commit af0ad5b
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 5 deletions.
19 changes: 17 additions & 2 deletions spring-kafka/src/main/java/org/springframework/kafka/support/DefaultKafkaHeaderMapper.java
View file
Expand Up @@ -20,6 +20,7 @@
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
Expand Down Expand Up @@ -61,6 +62,16 @@ public class DefaultKafkaHeaderMapper extends AbstractKafkaHeaderMapper {

private static final String JAVA_LANG_STRING = "java.lang.String";

private static final Set<String> TRUSTED_ARRAY_TYPES =
new HashSet<>(Arrays.asList(
"[B",
"[I",
"[J",
"[F",
"[D",
"[C"
));

private static final List<String> DEFAULT_TRUSTED_PACKAGES =
Arrays.asList(
"java.lang",
Expand Down Expand Up @@ -362,12 +373,16 @@ protected boolean trusted(String requestedType) {
if (requestedType.equals(NonTrustedHeaderType.class.getName())) {
return true;
}
if (TRUSTED_ARRAY_TYPES.contains(requestedType)) {
return true;
}
String type = requestedType.startsWith("[") ? requestedType.substring(2) : requestedType;
if (!this.trustedPackages.isEmpty()) {
int lastDot = requestedType.lastIndexOf('.');
int lastDot = type.lastIndexOf('.');
if (lastDot < 0) {
return false;
}
String packageName = requestedType.substring(0, lastDot);
String packageName = type.substring(0, lastDot);
for (String trustedPackage : this.trustedPackages) {
if (packageName.equals(trustedPackage) || packageName.startsWith(trustedPackage + ".")) {
return true;
Expand Down
30 changes: 27 additions & 3 deletions ...-kafka/src/test/java/org/springframework/kafka/support/DefaultKafkaHeaderMapperTests.java
View file
Expand Up @@ -66,10 +66,23 @@ void testTrustedAndNot() {
.setHeader("simpleContentType", MimeTypeUtils.TEXT_PLAIN_VALUE)
.setHeader("customToString", new Bar("fiz"))
.setHeader("uri", URI.create("https://foo.bar"))
.setHeader("intA", new int[] { 42 })
.setHeader("longA", new long[] { 42L })
.setHeader("floatA", new float[] { 1.0f })
.setHeader("doubleA", new double[] { 1.0 })
.setHeader("charA", new char[] { 'c' })
.setHeader("boolA", new boolean[] { true })
.setHeader("IntA", new Integer[] { 42 })
.setHeader("LongA", new Long[] { 42L })
.setHeader("FloatA", new Float[] { 1.0f })
.setHeader("DoubleA", new Double[] { 1.0 })
.setHeader("CharA", new Character[] { 'c' })
.setHeader("BoolA", new Boolean[] { true })
.setHeader("stringA", new String[] { "array" })
.build();
RecordHeaders recordHeaders = new RecordHeaders();
mapper.fromHeaders(message.getHeaders(), recordHeaders);
assertThat(recordHeaders.toArray().length).isEqualTo(10); // 9 + json_types
assertThat(recordHeaders.toArray().length).isEqualTo(23); // 21 + json_types
Map<String, Object> headers = new HashMap<>();
mapper.toHeaders(recordHeaders, headers);
assertThat(headers.get("foo")).isInstanceOf(byte[].class);
Expand All @@ -83,10 +96,21 @@ void testTrustedAndNot() {
assertThat(headers.get(MessageHeaders.ERROR_CHANNEL)).isEqualTo("errors");
assertThat(headers.get("customToString")).isEqualTo("Bar [field=fiz]");
assertThat(headers.get("uri")).isEqualTo(URI.create("https://foo.bar"));
assertThat(headers.get("intA")).isEqualTo(new int[] { 42 });
assertThat(headers.get("longA")).isEqualTo(new long[] { 42L });
assertThat(headers.get("floatA")).isEqualTo(new float[] { 1.0f });
assertThat(headers.get("doubleA")).isEqualTo(new double[] { 1.0 });
assertThat(headers.get("charA")).isEqualTo(new char[] { 'c' });
assertThat(headers.get("IntA")).isEqualTo(new Integer[] { 42 });
assertThat(headers.get("LongA")).isEqualTo(new Long[] { 42L });
assertThat(headers.get("FloatA")).isEqualTo(new Float[] { 1.0f });
assertThat(headers.get("DoubleA")).isEqualTo(new Double[] { 1.0 });
assertThat(headers.get("CharA")).isEqualTo(new Character[] { 'c' });
assertThat(headers.get("stringA")).isEqualTo(new String[] { "array" });
NonTrustedHeaderType ntht = (NonTrustedHeaderType) headers.get("fix");
assertThat(ntht.getHeaderValue()).isNotNull();
assertThat(ntht.getUntrustedType()).isEqualTo(Foo.class.getName());
assertThat(headers).hasSize(9);
assertThat(headers).hasSize(22);

mapper.addTrustedPackages(getClass().getPackage().getName());
headers = new HashMap<>();
Expand All @@ -95,7 +119,7 @@ void testTrustedAndNot() {
assertThat(new String((byte[]) headers.get("foo"))).isEqualTo("bar");
assertThat(headers.get("baz")).isEqualTo("qux");
assertThat(headers.get("fix")).isEqualTo(new Foo());
assertThat(headers).hasSize(9);
assertThat(headers).hasSize(22);
}

@Test
Expand Down

0 comments on commit af0ad5b

Please sign in to comment.